MaxWiFi Training Day IT Network Design and Installation Monday 24th November 2008 Tuesday 25th November 2008

Training Day Slides

Jan 20, 2015


adam_merritt

Training Presentation on IP Networks and basic design
Transcript
Page 1: Training Day Slides

MaxWiFi Training Day
IT Network Design and Installation

Monday 24th November 2008
Tuesday 25th November 2008

Page 2: Training Day Slides

What Do We Do?

• To provide a fast, reliable Internet solution to all clients while keeping the flexibility to accommodate bespoke networks built around each client's key requirements

• Ensure 100% reliability for the whole of the Event by providing fault tolerance and dynamic load balancing

Page 3: Training Day Slides

Three Tier Network Model

• Core, distribution and access layers (diagram)

Page 4: Training Day Slides

OSI MODEL

• Layer 7 Application: top-layer protocols, HTTP, FTP etc.

• Layer 6 Presentation: manages data conversion and syntax

• Layer 5 Session: establishes and maintains sessions

• Layer 4 Transport: ensures end-to-end delivery of segments (TCP)

• Layer 3 Network: controls and routes packets

• Layer 2 Data Link: transforms raw bits into frames

• Layer 1 Physical: transmits signals across the cable

Page 5: Training Day Slides

TCP/IP Model

• The model that is actually implemented on real networks, providing standards that work across vendors.

• Similar to the OSI model and likewise based on packet-switching technology

• Originated in US DARPA-funded research (ARPANET), with a design goal of keeping data communication working when parts of the network are lost.

Page 6: Training Day Slides

Internet Protocol (IP)

• 32 bits (IPv4) representing a numerical address for each device on a network.

• 5 main classes of IP addresses (A to E)

• With subnet masks an IP address is split into 3 parts: network, subnet and host

• Classes A, B and C are used for defining hosts (unicast addressing)

• Class D is used for multicast addressing (routing protocols use multicasts to communicate routing updates and replies)

Page 7: Training Day Slides

Class A IP addresses

• First octet, i.e. in 10.59.0.34, 10 is the first octet and represents the network number. The first octet of a class A address is 1-126 (0 is reserved and 127 is loopback), so there are 126 usable class A networks (2^7 - 2).

• The last three octets represent the host number, so there are 16,777,214 available hosts for each network.

• (We work this out by calculating how many bits there are in the host portion: there are 8 bits in each octet, 3 octets for the host, so 24 bits, and each bit is a 1 or 0, so it is 2^24 - 2 (for the network and broadcast address).)

Page 8: Training Day Slides

Class B IP addresses

• First two octets, i.e. in 172.16.0.34, 172.16 represents the network number. The first octet of a class B address is 128-191 (first two bits fixed at 10), leaving 14 bits for the network number, so there are 16,384 (2^14) class B networks.

• The last two octets represent the host number, so there are 65,534 available hosts for each network.

• (We work this out by calculating how many bits there are in the host portion: there are 8 bits in each octet, 2 octets for the host, so 16 bits, and each bit is a 1 or 0, so it is 2^16 - 2 (for the network and broadcast address).)

Page 9: Training Day Slides

Class C IP Addresses

• First three octets, i.e. in 192.168.0.34, 192.168.0 represents the network number. The first octet of a class C address is 192-223 (first three bits fixed at 110), leaving 21 bits for the network number, so using the formula 2^21 we know there are 2,097,152 class C networks.

• The last octet represents the host number, so there are 254 available hosts for each network.

• (We work this out by calculating how many bits there are in the host portion: there are 8 bits in each octet, 1 octet for the host, so 8 bits, and each bit is a 1 or 0, so it is 2^8 - 2 (for the network and broadcast address), leaving 254 usable host IP addresses.)

Page 10: Training Day Slides

Class D and E Addresses

• Class D addresses are 224.0.0.0 to 239.255.255.255 - multicast addresses, used by routing protocols to communicate between routers (routing updates etc.) and by other multicast applications

• Class E addresses are 240.0.0.0 to 255.255.255.255; these are reserved and should not be used on any IP network (255.255.255.255 is the limited broadcast address).

• ANY QUESTIONS SO FAR?
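The class arithmetic on the last five pages, worked through as an added Python example (this is not code from the slides). It generalises the per-class 2^n - 2 formula to any prefix length, which is the network/subnet/host split mentioned on the IP page, and uses only the standard library. The sample addresses are the ones from the slides plus the 88.97.219.x /29 block that appears later in the NAT pages.

```python
# Added example, not part of the MaxWiFi slides: classful and CIDR address
# arithmetic behind the Class A/B/C/D/E pages. Uses only the standard library.
import ipaddress

# Leading-bit ranges of the first octet fix the class; A/B/C have a fixed
# default prefix and a fixed number of bits left for the network number.
CLASS_PREFIX = {"A": 8, "B": 16, "C": 24}
CLASS_NET_BITS = {"A": 7, "B": 14, "C": 21}


def ip_class(addr: str) -> str:
    """Classful letter A-E from the first octet (0-127 A, 128-191 B, 192-223 C,
    224-239 D multicast, 240-255 E reserved)."""
    first = int(ipaddress.IPv4Address(addr)) >> 24
    if first < 128:
        return "A"
    if first < 192:
        return "B"
    if first < 224:
        return "C"
    if first < 240:
        return "D"
    return "E"


def usable_hosts(prefix: int) -> int:
    """2^(host bits) - 2 for network and broadcast; /31 (RFC 3021 point-to-point)
    and /32 (host route) are the exceptions to the slide's formula."""
    if prefix == 32:
        return 1
    if prefix == 31:
        return 2
    return 2 ** (32 - prefix) - 2


def cidr_summary(addr: str, prefix: int) -> dict:
    """Network, broadcast and usable host count for any address/prefix, i.e. the
    network/subnet/host split the slides mention once subnet masks are used."""
    net = ipaddress.ip_network(f"{addr}/{prefix}", strict=False)
    return {
        "network": str(net.network_address),
        "broadcast": str(net.broadcast_address),
        "usable_hosts": usable_hosts(prefix),
    }


def classful_summary(addr: str) -> dict:
    """The per-class numbers from the slides, computed rather than quoted."""
    cls = ip_class(addr)
    if cls not in CLASS_PREFIX:
        return {"class": cls, "unicast": False}
    networks = 2 ** CLASS_NET_BITS[cls]
    if cls == "A":
        networks -= 2  # 0.0.0.0/8 is reserved and 127.0.0.0/8 is loopback
    out = {"class": cls, "unicast": True, "networks_in_class": networks}
    out.update(cidr_summary(addr, CLASS_PREFIX[cls]))
    return out


if __name__ == "__main__":
    for a in ("10.59.0.34", "172.16.0.34", "192.168.0.34", "224.0.0.5", "240.0.0.1"):
        print(a, classful_summary(a))
    # The /29 from the NAT pages: .110 sits in 88.97.219.104-.111, .112 does not.
    print("88.97.219.110/29", cidr_summary("88.97.219.110", 29))
```

Running it prints the class, network, broadcast and host count for each slide address; the last line is a quick way to check that a public block handed out by a provider actually contains every address you intend to configure on it.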

Page 11: Training Day Slides

Whats in a frame?

• Layer 2 Protocol Data unit which encapsulates the layer 3 packet and transports it across the LAN to another PC or a router/gateway.

• Contains Source and destination MAC address

Page 12: Training Day Slides

ARP - Address Resolution Protocol

• Used on 802.3 Ethernet (and other broadcast LANs) to resolve a MAC address when only the IP address is known

• The request is a broadcast, so more nodes in one broadcast domain means more ARP traffic that every host has to process.

• ARP has no authentication: any host on the segment can answer for any IP address (ARP spoofing), which is one reason the port security and separate VLANs covered later matter.

Page 13: Training Day Slides

ARP - Address Resolution Protocol

• PC A: “who is 192.168.0.35”

• PC B: “ I am 192.168.0.35”

Page 14: Training Day Slides

Proxy ARP:

• Host A needs to send a packet to Host C; it looks at Host C's IP address and sends an ARP request for it.

• The router intercepts the request and places its own MAC address in the ARP reply.

• The router does the same for Host C's replies.

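The request/reply exchange from the ARP pages, encoded and decoded as an added Python example (not code from the slides). The frame layout is RFC 826 over Ethernet II; the MAC addresses and the cache class are constructed for the demo. The cache refuses to overwrite a binding silently, which is the check a practitioner adds to spot the spoofed reply described above; note that a proxy ARP router produces exactly the same pattern (its own MAC for another host's IP), so the cache cannot tell the two apart without knowing which MAC is the gateway's.

```python
# Added example, not part of the slides: build and parse ARP-over-Ethernet
# frames (RFC 826) for the "who is 192.168.0.35" exchange, plus a small ARP
# cache that reports a reply contradicting what it already holds. Sample
# addresses are made up for the demo.
import struct

ETH_P_ARP = 0x0806
BROADCAST = bytes(6 * [0xFF])
ARP_REQUEST, ARP_REPLY = 1, 2


def mac_bytes(mac: str) -> bytes:
    return bytes.fromhex(mac.replace(":", ""))


def mac_str(b: bytes) -> str:
    return ":".join(f"{x:02x}" for x in b)


def ip_bytes(ip: str) -> bytes:
    return bytes(int(o) for o in ip.split("."))


def ip_str(b: bytes) -> str:
    return ".".join(str(x) for x in b)


def build_arp(op: int, sender_mac: str, sender_ip: str, target_mac: str, target_ip: str) -> bytes:
    """Ethernet II header + 28-byte ARP body. A request is sent to the broadcast
    MAC with an all-zero target MAC; a reply is unicast back to the asker."""
    dst = BROADCAST if op == ARP_REQUEST else mac_bytes(target_mac)
    eth = dst + mac_bytes(sender_mac) + struct.pack("!H", ETH_P_ARP)
    # htype=1 (Ethernet), ptype=0x0800 (IPv4), hlen=6, plen=4, opcode
    arp = struct.pack("!HHBBH", 1, 0x0800, 6, 4, op)
    arp += mac_bytes(sender_mac) + ip_bytes(sender_ip)
    arp += mac_bytes(target_mac) + ip_bytes(target_ip)
    return eth + arp


def parse_arp(frame: bytes) -> dict:
    if len(frame) < 42 or struct.unpack("!H", frame[12:14])[0] != ETH_P_ARP:
        raise ValueError("not an ARP frame")
    htype, ptype, hlen, plen, op = struct.unpack("!HHBBH", frame[14:22])
    if (htype, ptype, hlen, plen) != (1, 0x0800, 6, 4):
        raise ValueError("unsupported ARP hardware/protocol type")
    body = frame[22:42]
    return {
        "op": op,
        "sender_mac": mac_str(body[0:6]), "sender_ip": ip_str(body[6:10]),
        "target_mac": mac_str(body[10:16]), "target_ip": ip_str(body[16:20]),
    }


class ArpCache:
    """IP -> MAC table. learn() keeps the first binding it saw and returns a
    message when a later reply claims a different MAC for the same IP, instead
    of silently overwriting as a normal host stack does."""

    def __init__(self):
        self.table = {}

    def learn(self, pkt: dict):
        ip, mac = pkt["sender_ip"], pkt["sender_mac"]
        old = self.table.get(ip)
        if old is not None and old != mac:
            return f"conflict: {ip} was {old}, reply now claims {mac}"
        self.table[ip] = mac
        return None


if __name__ == "__main__":
    # PC A asks for 192.168.0.35, PC B answers, then a third MAC answers too.
    req = build_arp(ARP_REQUEST, "00:11:22:33:44:55", "192.168.0.34",
                    "00:00:00:00:00:00", "192.168.0.35")
    rep = build_arp(ARP_REPLY, "66:77:88:99:aa:bb", "192.168.0.35",
                    "00:11:22:33:44:55", "192.168.0.34")
    fake = build_arp(ARP_REPLY, "de:ad:be:ef:00:01", "192.168.0.35",
                     "00:11:22:33:44:55", "192.168.0.34")
    cache = ArpCache()
    print(parse_arp(req)["op"], cache.learn(parse_arp(rep)), cache.learn(parse_arp(fake)))
```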

Page 15: Training Day Slides

10BASE-T / 100BASE-TX Networks

• 10BASE-T here represents the old, mostly outdated hub networks which ran on half-duplex transmission

• Computers connected to hubs shared bandwidth, as only one frame could be on the wire at a time

• CSMA/CD (carrier sense multiple access with collision detection) let devices detect collisions and resend after a random back-off time.

Page 16: Training Day Slides

LAN Switches

• Full duplex, allowing devices to receive and send at the same time.

• Gives full bandwidth to every device connected (each port is its own collision domain).

• Stackable - some switches are stackable, meaning multiple switches can be clustered and operated as one logical switch.

• Frame switching is driven by the MAC address table: the switch learns the source MAC of each incoming frame against its port and forwards a frame only out of the port where the destination MAC was learned; unknown destinations and broadcasts are flooded to every port in the VLAN. (802.2 LLC is the sub-layer above MAC that identifies the payload protocol; it is not what makes switching work.)

Page 17: Training Day Slides

VLANs AND 802.1Q Trunks

• Allow multiple networks on one switch

• Separate voice traffic from data traffic

• Span VLANs across multiple switches with the use of 802.1Q trunking

• 802.1Q is a vendor-neutral trunk protocol which allows trunks to be created between different vendors' switches. Frames on a trunk carry a 4-byte tag holding the VLAN ID; frames for the native VLAN are sent untagged, so the native VLAN must match on both ends of the trunk.
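A VLAN-aware learning switch as an added Python example (not code from the slides), covering the switching, VLAN and 802.1Q pages above and the port security item from the switch configuration page further on. It models trunk and access ports, the native VLAN on a trunk, a bounded MAC table and a per-port MAC limit; MAC ageing is not modelled and the port numbers, MACs and VLAN IDs are made up for the demo. The small-table case at the end shows why a flooded MAC table turns a switch back into a hub for any host it can no longer learn.

```python
# Added example, not part of the slides: a VLAN-aware learning switch with
# trunk/access ports, 802.1Q native VLAN handling, a bounded MAC table and
# per-port MAC limits (port security). Frames are modelled as src/dst MAC
# strings plus an optional 802.1Q tag; no ageing is modelled.
from typing import Optional


class Switch:
    def __init__(self, cam_capacity: int = 1024):
        self.ports = {}            # port -> {"mode", "vlan", "max_mac"}
        self.cam = {}              # (vlan, mac) -> port
        self.cam_capacity = cam_capacity
        self.violations = []       # (port, mac) pairs blocked by port security

    def access_port(self, port: int, vlan: int, max_mac: Optional[int] = None):
        """switchport mode access / switchport access vlan N [+ port-security maximum]."""
        self.ports[port] = {"mode": "access", "vlan": vlan, "max_mac": max_mac}

    def trunk_port(self, port: int, native_vlan: int = 1):
        """switchport mode trunk; 'vlan' holds the native VLAN (sent untagged)."""
        self.ports[port] = {"mode": "trunk", "vlan": native_vlan, "max_mac": None}

    def _learn(self, vlan: int, src: str, port: int) -> bool:
        cfg = self.ports[port]
        on_port = {m for (v, m), p in self.cam.items() if p == port}
        if cfg["max_mac"] is not None and src not in on_port and len(on_port) >= cfg["max_mac"]:
            self.violations.append((port, src))
            return False                                   # port security: drop the frame
        if (vlan, src) not in self.cam and len(self.cam) >= self.cam_capacity:
            return True                                    # table full: forward but cannot learn
        self.cam[(vlan, src)] = port
        return True

    def ingress(self, port: int, src: str, dst: str, tag: Optional[int] = None):
        """Return [(egress_port, tag_or_None)] for a frame entering on `port`."""
        cfg = self.ports[port]
        if cfg["mode"] == "access":
            vlan = cfg["vlan"]                             # access frames are untagged
        else:
            vlan = cfg["vlan"] if tag is None else tag     # untagged on a trunk = native VLAN
        if not self._learn(vlan, src, port):
            return []
        known = self.cam.get((vlan, dst))
        if known == port:
            return []                                      # destination is behind the same port: filter
        if known is not None:
            targets = [known]
        else:                                              # unknown unicast / broadcast: flood in the VLAN
            targets = [p for p, c in self.ports.items()
                       if p != port and (c["mode"] == "trunk" or c["vlan"] == vlan)]
        out = []
        for p in targets:
            c = self.ports[p]
            tagged = c["mode"] == "trunk" and vlan != c["vlan"]
            out.append((p, vlan if tagged else None))
        return out


if __name__ == "__main__":
    sw = Switch()
    sw.trunk_port(1, native_vlan=1)          # to the router's dot1q sub-interfaces
    sw.access_port(3, vlan=2)
    sw.access_port(4, vlan=2)
    sw.access_port(5, vlan=1, max_mac=2)     # port-security maximum 2
    print(sw.ingress(3, "aa:aa:aa:aa:aa:03", "ff:ff:ff:ff:ff:ff"))   # flood: trunk tagged 2, port 4 untagged
    print(sw.ingress(4, "aa:aa:aa:aa:aa:04", "aa:aa:aa:aa:aa:03"))   # known: port 3 only
```

The two print lines show the flooding and the learned-path cases; feeding the same object a burst of frames from distinct source MACs on one access port is the quickest way to see the difference between a port with a MAC limit (frames dropped, violation recorded) and one without (the table fills and later hosts get flooded).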

Page 18: Training Day Slides

Spanning-Tree Protocol

• Allows a loop-free network while keeping redundant links: redundant paths are placed in blocking state and are unblocked only when an active link fails.

Page 19: Training Day Slides

Cisco IOS and CLI

• Cisco Internetwork Operating System, giving a more granular approach to network design and implementation.

• Each IOS feature set offers different functionality; choose it in the context of your business needs and objectives.

Page 20: Training Day Slides

CLI Modes: User Mode

• Basic mode only allowing basic commands such as show commands for system information and system output

• Can't be used to modify configuration parameters or to restart the system, so essentially no damage can be done via this mode (show output can still reveal addressing and configuration details, so user-mode access should still be limited)

• You can establish you are in user mode by the prompt

Routername>

Page 21: Training Day Slides

Enabled Mode

• Higher privileged mode used for more authoritative commands (prompt: Routername#).
• Used to reboot the device and to load/save configs.

• Also used for debugging - probably the key command in enable mode for troubleshooting.

• Used to telnet between devices (telnet is cleartext; use SSH where the IOS image supports it)
• Show commands - see specific components of the configuration such as access lists or NAT translations
• Ping other devices or routers - extended ping
• Traceroute - tests latency and diagnoses problems on every hop to the destination.

Page 22: Training Day Slides

Router Configuation Mode

• Most dangerous mode in the CLI: you can make global modifications to the router (prompt: Routername(config)#)
• Create and modify NAT
• Create and modify ACLs (Access Control Lists)
• Make static routes
• QoS - class maps and policy maps
• DHCP
• IPsec VPN implementation
• Dot1q VLAN sub-interfaces
• Saving and loading configurations from TFTP

Page 23: Training Day Slides

Switch Configuration Mode

• VLAN setup
• VTP (VLAN Trunking Protocol)
• Switch port interfaces and static and dynamic trunking
• Layer 3 features such as routing and inter-VLAN routing
• Voice VLAN tagging (Cisco 3550 series) and native VLAN
• Saving and loading configurations from TFTP
• Spanning tree PortFast
• Port security and storm control

Page 24: Training Day Slides

NAT (Network Address Translation)

• Used to allow multiple devices to share (or overload) a public IP address.

• Define which IP addresses / ranges of IP addresses use which public IP address via access lists

• Static NAT is a one-to-one mapping (one LAN IP to one public IP)
• NAT with PAT (port address translation) maps multiple LAN IP addresses to one public IP, telling the flows apart by the translated source port
• Used to direct incoming traffic to different servers (port forwarding)

• Let's start off by creating a NAT pool

Page 25: Training Day Slides

NAT (Network Address Translation)

• Routername(config)#ip nat pool poolname 88.97.219.110 88.97.219.112 netmask 255.255.255.248
– This creates a NAT pool containing 3 public IP addresses to use
– Check the range against your provider's allocation before entering it: with netmask 255.255.255.248 the block containing .110 is .104-.111, so .111 is that block's broadcast address and .112 lies in the next block, and IOS rejects a pool whose start and end addresses are not in the same subnet for the given netmask

– Now we have created the pool, we need to define the LAN IP range that is allowed to be translated

Routername(config)#access-list 10 permit 172.16.0.0 0.0.255.255

– Now we need to tell the router to translate inside sources matching access list 10 using poolname; "overload" enables PAT so many inside hosts share each pool address

Routername(config)#ip nat inside source list 10 pool poolname overload

Page 26: Training Day Slides

NAT (Network Address Translation)

• Routername(config)#ip nat inside source static tcp 10.59.0.100 80 interface fastethernet0/0 80
– Or
• Routername(config)#ip nat inside source static tcp 10.59.0.100 80 88.97.219.110 80

– This now forwards incoming traffic arriving on the public address with destination TCP port 80 to 10.59.0.100 port 80. Note that 10.59.0.100 is not in the 172.16.0.0/16 range permitted by access list 10, so the router also needs an inside-marked interface that reaches the 10.59.0.0 network for this entry to be useful.

– A static entry exposes that server to the whole Internet; restrict who can reach it with an access list on the outside interface.

Page 27: Training Day Slides

Sub-Interface Ip and Nat

• Let's define the inside interface (telling the router that our fastethernet0/1 interface is the NAT inside side) and give it an IP address
– Routername(config)#interface fastethernet0/1
– Routername(config-if)#ip address 172.16.0.1 255.255.0.0
– Routername(config-if)#ip nat inside

• Let's define the outside interface (telling the router that our fastethernet0/0 interface is the NAT outside side) and give it an IP address
– Routername(config)#interface fastethernet0/0
– Routername(config-if)#ip address 88.97.219.110 255.255.255.248
– Routername(config-if)#ip nat outside
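The NAT behaviour the last three pages configure, modelled as an added Python example (not code from the slides, and not how IOS is implemented internally): access list 10 selects 172.16.0.0/16 as inside sources, the pool is overloaded so flows are distinguished by translated source port, and one static entry sends public TCP/80 to 10.59.0.100. The demo assumes a single pool address (88.97.219.110) and allocates from port 1024 upwards when the original source port is already in use; both are simplifications. The sample packets are constructed inline.

```python
# Added example, not part of the slides: a model of the NAT behaviour the
# preceding pages configure - access list 10 selects 172.16.0.0/16 as inside
# sources, the pool is overloaded (PAT) and a static entry sends public TCP/80
# to 10.59.0.100. The demo uses the single pool address 88.97.219.110 and
# sequential port allocation from 1024 when the original source port is taken;
# both are simplifications of what IOS does.
import ipaddress


class Nat:
    def __init__(self, pool_ip: str, inside_acl, first_port: int = 1024):
        self.pool_ip = pool_ip
        self.acl = [ipaddress.ip_network(n) for n in inside_acl]
        self.next_port = first_port
        self.out = {}      # (proto, inside_ip, inside_port) -> global_port
        self.inb = {}      # (proto, global_port) -> (inside_ip, inside_port)
        self.static = {}   # (proto, global_port) -> (inside_ip, inside_port), never times out

    def add_static(self, proto: str, inside_ip: str, inside_port: int, global_port: int):
        """ip nat inside source static tcp <inside_ip> <inside_port> <pool_ip> <global_port>"""
        self.static[(proto, global_port)] = (inside_ip, inside_port)

    def permitted(self, ip: str) -> bool:
        """The 'list 10' part: only sources matched by the ACL are translated."""
        return any(ipaddress.ip_address(ip) in n for n in self.acl)

    def _alloc_port(self, proto: str, wanted: int) -> int:
        def taken(p):
            return (proto, p) in self.inb or (proto, p) in self.static
        if not taken(wanted):
            return wanted                       # keep the original source port when free
        while taken(self.next_port):
            self.next_port += 1
        port = self.next_port
        self.next_port += 1
        return port

    def outbound(self, proto: str, src_ip: str, src_port: int):
        """Packet leaving through the 'ip nat outside' interface."""
        if not self.permitted(src_ip):
            return ("untranslated", src_ip, src_port)   # goes out with its private address
        key = (proto, src_ip, src_port)
        if key not in self.out:
            gport = self._alloc_port(proto, src_port)
            self.out[key] = gport
            self.inb[(proto, gport)] = (src_ip, src_port)
        return ("translated", self.pool_ip, self.out[key])

    def inbound(self, proto: str, dst_port: int):
        """Packet arriving on the outside interface addressed to the pool IP."""
        if (proto, dst_port) in self.static:
            return ("forwarded",) + self.static[(proto, dst_port)]
        if (proto, dst_port) in self.inb:
            return ("translated",) + self.inb[(proto, dst_port)]
        return ("dropped", None, None)          # no translation: the router has nowhere to send it


if __name__ == "__main__":
    nat = Nat("88.97.219.110", ["172.16.0.0/16"])
    nat.add_static("tcp", "10.59.0.100", 80, 80)
    print(nat.outbound("tcp", "172.16.0.34", 50000))   # keeps port 50000
    print(nat.outbound("tcp", "172.16.0.35", 50000))   # same source port, gets 1024
    print(nat.inbound("tcp", 80), nat.inbound("tcp", 2222))
```

Two things the model makes visible: a host the ACL does not match (10.59.0.100 in this configuration) leaves the outside interface with its private source address rather than being translated, and unsolicited inbound packets that match neither a dynamic entry nor a static one are dropped, which is the only "firewalling" an overloaded NAT gives you.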

Page 28: Training Day Slides

Static Routes

• Need to tell the router where to send packets whose destination is not in its routing table (a default route)

• In configuration mode, we define the route
– Routername(config)#ip route 0.0.0.0 0.0.0.0 fastethernet0/0

– Or

– Routername(config)#ip route 0.0.0.0 0.0.0.0 68.78.45.67

– On an Ethernet WAN link prefer the next-hop address form: a default route that points only at a broadcast interface makes the router ARP for every Internet destination and relies on the provider's router answering with proxy ARP.

So now we have a router that can route from LAN to WAN, performing NAT and sending Internet traffic correctly to the WAN interface.

So let's look at DHCP next....

Page 29: Training Day Slides

DHCP (Dynamic Host Configuation Protocol)

• Used to assign IP addresses from a set pool

• Assigns default gateway, DNS and other network information

• Multiple DHCP pools, one per interface or sub-interface, for inter-VLAN routing

• TFTP server assignment (option 150 or 66) to VoIP phones

Page 30: Training Day Slides

DHCP Configuation

• Routername(config)#ip dhcp pool poolname
• Routername(dhcp-config)#network 172.16.0.0 255.255.0.0
– This tells the router to assign addresses from 172.16.0.0/16 to requests arriving on the interface that has an address in that network. The router's own address and any statically addressed hosts should be excluded from the pool, or a client may be handed one of them.

• Routername(dhcp-config)#default-router 172.16.0.1
– This tells the router to tell clients that the default gateway is 172.16.0.1

• Routername(dhcp-config)#dns-server 208.67.222.222 208.67.220.220
– This tells the router to hand out 208.67.222.222 and 208.67.220.220 as the primary and secondary DNS servers

Page 31: Training Day Slides

CLI- saving and loading configs

• Everything done in configuration terminal is applied to the running-configuration (in RAM) and is lost on reboot unless saved

• Routername#copy running-config startup-config
– Now the config is saved to NVRAM so when the router is rebooted the config will be the same (copy is an enable-mode command, hence the Routername# prompt rather than Routername(config)#)

• Routername#copy startup-config tftp://172.16.0.100
• Copies the config to a TFTP server (LAN or WAN)

• Routername#copy tftp://172.16.0.100/startup.txt startup-config
• Copies a configuration text file from the TFTP server to startup-config

• TFTP has no authentication or encryption, and a config file contains passwords, SNMP communities, the VTP password and the wireless PSK, so keep the TFTP server reachable from the management network only and do not leave configs on it longer than needed.

Page 32: Training Day Slides

Cisco Catalyst 3550

• Similar to the router IOS with three modes: user EXEC, privileged EXEC (enable) and configuration mode

• How to set up VLANs and assign an IP address to a VLAN for management purposes

• Assign ports or a range of ports to a VLAN
• Apply CoS tagging to allow VoIP traffic to be separated from non-VoIP traffic on a switchport
• Set up trunk ports using 802.1Q trunking
• Storm control and PortFast

Page 33: Training Day Slides

Vlans and VTP

• Switchname(config)#vlan 1
• Switchname(config-vlan)#name voip

We have now named a VLAN; this puts the VLAN into the VLAN database.
– Note that VLAN 1 is the default VLAN and the default native VLAN on every trunk, and Catalyst IOS does not allow VLAN 1 to be renamed; in practice use a dedicated VLAN number for voice and leave VLAN 1 unused.
– Now let's give this VLAN an IP address of 172.16.200.1; this effectively gives the switch this IP address (a mask is required; 255.255.0.0 matches the 172.16.0.0/16 network the router uses for VLAN 1)

Switchname(config)#interface vlan 1

Switchname(config-if)#ip address 172.16.200.1 255.255.0.0

Page 34: Training Day Slides

802.1q and sub-interfaces

• Create multiple logical interfaces from one physical interface, one sub-interface for each VLAN

• Created on the router LAN interface

– Let's create a sub-interface
– Routername(config)#interface fastethernet0/1.1
– Routername(config-subif)#encapsulation dot1q 1 native
– Routername(config-subif)#ip address 172.16.0.1 255.255.0.0
– Routername(config-subif)#ip nat inside

Page 35: Training Day Slides

802.1q and sub-interfaces

• Routername(config)#interface fastethernet0/1.2
• Routername(config-subif)#encapsulation dot1q 2
• Routername(config-subif)#ip address 172.32.0.1 255.255.0.0
• Routername(config-subif)#ip nat inside

– We have now set up a second sub-interface in VLAN 2, so all devices in VLAN 2 on the switch(es) will use this interface as their gateway and obtain DHCP via this interface. (172.32.0.0/16 is outside the private 172.16.0.0/12 range, which ends at 172.31.255.255, so it is public address space; a private range such as 172.17.0.0/16 avoids clashing with real Internet addresses.)

– We now have 2 sub-interfaces under the physical fastethernet0/1 interface; all we have to do is set up DHCP for the new network and amend access list 10 to allow the new network to be NATed.

Page 36: Training Day Slides

Switchport Trunk

• Statically assign a trunk port between the router and switch
– Switchname(config)#interface fastethernet0/1
– Switchname(config-if)#switchport trunk encapsulation dot1q
– Switchname(config-if)#switchport mode trunk
– Switchname(config-if)#speed 100
– Switchname(config-if)#duplex full

We have set up FastEthernet port 1 on the switch to trunk to the router (set the same fixed speed and duplex on the router side, or the link will mismatch).

Let's assign ports 3 to 10 on the switch to VLAN 2, data

Switchname(config)#interface range fastethernet0/3 - 10
Switchname(config-if-range)#switchport mode access
Switchname(config-if-range)#switchport access vlan 2

Setting the ports to mode access also stops them negotiating trunks, so a device plugged into one of them cannot turn its port into a trunk and reach other VLANs.

Page 37: Training Day Slides

Cisco VTP (virtual trunk protocol)

• Allows easy implementation of spanning VLANs via centralised management

• Three modes of VTP: server, client and transparent

• Create VLANs on the server and the VLANs replicate to all switches in the same VTP domain

• Our VTP domain is Maxwifi... so

Page 38: Training Day Slides

VTP (VLAN Trunking Protocol)

• We log onto our designated VTP server switch
– Switchname(config)#vtp domain maxwifi
– Switchname(config)#vtp password voysey
– Switchname(config)#vtp mode server

We then log onto our client switch
– Switchname2(config)#vtp domain maxwifi
– Switchname2(config)#vtp password voysey
– Switchname2(config)#vtp mode client

A switch joining the domain with a higher VTP configuration revision number overwrites the VLAN database on every other switch, even if it is in client mode, so reset the revision on any switch before connecting it (change its domain name and change it back, or put it in transparent mode), and treat the VTP password as a shared secret.

Page 39: Training Day Slides

Qos(quality of service) via CoS (class of service)

• Switchport to recognise voice traffic from non-voice traffic via layer 2 CoS

• Set up a voice VLAN and a data VLAN on the same port

• Enable QoS to trust CoS on VoIP traffic

Page 40: Training Day Slides

Voice Vlan

• These commands will set up a port to separate voice and non-voice into 2 different VLANs
– Switchname(config)#mls qos
– Switchname(config)#interface range fastethernet0/2 - 12
– Switchname(config-if-range)#mls qos trust cos
– Switchname(config-if-range)#mls qos trust device cisco-phone
– Switchname(config-if-range)#switchport voice vlan 1
– Switchname(config-if-range)#switchport access vlan 2

Now a PC plugged directly into a phone will use VLAN 2 and the phone will use VLAN 1, separating the traffic. "trust device cisco-phone" relies on CDP to detect the phone, so CoS markings from a plain PC on the port are not trusted.

Page 41: Training Day Slides

Cisco Aironet 1200 series

• GUI or CLI based

• Supports 802.11a, b and g (5 GHz and 2.4 GHz)

• Supports multiple modes of encryption including WEP and WPA with TKIP (WEP is broken and TKIP is deprecated; use WPA2 with AES-CCMP where the access point's IOS supports it)

Page 42: Training Day Slides

Cisco 1200 aironet config

• We need to assign a static IP to the device or it will pick one up dynamically via DHCP

– Apname(config)#interface BVI1
– Apname(config-if)#ip address 172.32.0.100 255.255.0.0

– We have now assigned an IP, so now we will set up the SSID
– Apname(config)#dot11 ssid MaxWiFi
– Apname(config-ssid)#authentication open
– Apname(config-ssid)#authentication key-management wpa
– Apname(config-ssid)#guest-mode
– Apname(config-ssid)#wpa-psk ascii wirele55
– (guest-mode makes this the SSID advertised in beacons; "wirele55" is a training example only, as an 8-character word with one substitution it is well within reach of an offline dictionary attack, so a production PSK should be long and random)

Page 43: Training Day Slides

Cisco 1200 aironet setup

• We will now apply the SSID MaxWiFi to the dot11radio0 interface
– Apname(config)#interface dot11radio0
– Apname(config-if)#encryption mode ciphers tkip

This has set the interface to support the TKIP cipher, which is required for WPA (version 1).

• Apname(config-if)#channel least-congested
• Or
• Apname(config-if)#channel (1-13)
• Apname(config-if)#ssid MaxWiFi

• This will now broadcast MaxWiFi with wpa encryption
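What the "wpa-psk ascii" line on the previous page actually produces, as an added Python example (not code from the slides or from Cisco): the passphrase and SSID are run through PBKDF2-HMAC-SHA1 with 4096 iterations to give the 256-bit Pairwise Master Key defined in IEEE 802.11i, and the same function is all an attacker needs to test guesses offline against a captured 4-way handshake. The candidate word list is constructed for the demo; the test vector used to check the derivation is the published one from the 802.11i standard ("password" / "IEEE").

```python
# Added example, not part of the slides: how the WPA-PSK passphrase set with
# "wpa-psk ascii" becomes the 256-bit Pairwise Master Key (IEEE 802.11i:
# PBKDF2-HMAC-SHA1, 4096 iterations, SSID as salt), and the offline dictionary
# check that anyone who has captured one 4-way handshake can run against it.
# The candidate list is constructed for the demo.
import hashlib


def wpa_pmk(passphrase: str, ssid: str) -> bytes:
    """PSK/PMK = PBKDF2(HMAC-SHA1, passphrase, ssid, 4096, 256 bits)."""
    if not 8 <= len(passphrase) <= 63:
        raise ValueError("WPA-PSK passphrase must be 8 to 63 ASCII characters")
    return hashlib.pbkdf2_hmac("sha1", passphrase.encode("ascii"),
                               ssid.encode("utf-8"), 4096, dklen=32)


def guess_passphrase(target_pmk: bytes, ssid: str, candidates):
    """Return the candidate whose PMK equals target_pmk, or None. In a real
    attack the PMK is confirmed through the handshake MIC rather than compared
    directly, but each guess still costs the same 4096 HMAC-SHA1 rounds, and
    the SSID salt only means precomputed tables have to be built per SSID."""
    for cand in candidates:
        if 8 <= len(cand) <= 63 and wpa_pmk(cand, ssid) == target_pmk:
            return cand
    return None


if __name__ == "__main__":
    pmk = wpa_pmk("wirele55", "MaxWiFi")                           # the slide's PSK and SSID
    wordlist = ["password", "wireless", "wirele55", "maxwifi1"]   # constructed for the demo
    print(pmk.hex(), guess_passphrase(pmk, "MaxWiFi", wordlist))
```

The 4096 iterations were chosen to slow this loop down on 2004 hardware; they do not stop a short or dictionary-derived passphrase from being found, which is why the PSK length and randomness matter more than the cipher choice once TKIP is in use.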